This post discusses the dynamics of reporting lines in security, specifically through legal channels. Reporting to legal grants direct access to the CEO but may narrow focus to regulatory concerns, resembling internal audit duties. Leveraging legal compliance enhances security without neglecting broader obligations. Engaging legal counsel supports effective security posture and data protection.
Resurrecting My Blog: A Journey in Security
While I was writing my blog posts back when I was looking for work last year, I was really enjoying blogging again. In a previous life I used to blog about personal stuff and my family, and I used my old nickname, which was a childhood nickname. When I got into security and started meeting…
Executive Perspectives Pt 2: Reporting to Information Technology
This is the second part of a look at reporting lines in organizations. You can click here to read about when Security reports directly to the CEO. Navigating the complex security landscape in the bustling tech hub of Silicon Slopes, particularly within startup ecosystems, is akin to charting unexplored terrain. Having spent considerable time in…
Executive Perspectives: Navigating Security Reporting Across the C-Suite
An important part of providing value to an organization is dependent on how Security reports to executives. There are lots of ways Security can stack up in an organization. In past lives, I’ve reported to the CTO, to the CISO, to a VP of customer service, to General Counsel, and most recently, to the COO.…
Making Informed Decisions: An Argument for Training Rather Than Hiring
What do you do when your org would rather hire than train?
Democracy Isn’t Working the Way I Thought It Would
When big hacks happen, shouldn’t that affect the organization negatively? Shouldn’t the users demand more accountability? Why do people not care? And why do the leaders not pay for bad decisions?
Casting One’s Resume to the Void
Searching for a job sucks. Part of the problem is the automated system. Part of it is the lack of response — the VOID.
Starting My Master’s Degree
Oh, ISC(2), how I have blocked you from my mind. It’s often said that you need to know much of everything to get your CISSP (Certified Information Systems Security Professional). You need to know information security “a mile wide and an inch deep.” That’s a very accurate description. When I took my CISSP exam, it…
Adding Value to Security
Security can’t always be a money pit. We need to provide more positive security value to the organization. I have ideas.
I don’t SEO very well
I tend to write the way I think. My thoughts don’t lend themselves to SEO efforts very well. I seem to go on too long, with my sentences bypassing a limit of 20 words almost 50% of the time. My paragraphs are too long. I tend to begin sentences with the same word — I…